-1

I have an Asp.net application hosted on one domain say abc.com and I have another MVC Web API hosted on a different domain say api.abc.com.

Now from the web application(abc.com), I am making a javascript ajax call to my web api endpoint(api.abc.com/getproducts) which is not the same domain. So what are the different mechanism i can use to authenticate the API calls made to api endpoint? The goal is to secure api so can avoid unauthenticated calls and also avoid unnecessarily complex structure.

Is it good practice to make web API call from javascript? via Ajax request.

Jaypal Solanki
  • 1
  • 2

1 Answers1

0

This is a very broad question, here are some links from what I can gleam from your question. My suggestion for the future is to include code, and make the question more specific.

Security and Authentication in MVC applications: https://learn.microsoft.com/en-us/aspnet/mvc/overview/security/

CORS: https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-3.1

.NET Core: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/?view=aspnetcore-3.1

Similar Question: Cross-domain authentication ASP.net MVC

Jenn
  • 884
  • 8
  • 16